AWS has added support for Valkey 7.2 on Amazon ElastiCache and Amazon MemoryDB, a fully managed in-memory services.
Code Intelligence is adding support for JavaScript into OSS-Fuzz, Google’s platform for continuous fuzzing for open-source software.
JavaScript is one of the most widely used programming languages, especially in the context of web applications. However, security testing for the JavaScript landscape is insufficient, due to a lack of reliable security tools and good integration to common development environments. As part of Code Intelligence's initiative to develop advanced fuzzing and bug detection capabilities for memory-safe languages, it recently released Jazzer.js, a state-of-the-art fuzz testing engine that brings the advancements of white-box fuzzing into the JavaScript ecosystem.
The integration of Jazzer.js into OSS-Fuzz will be the second major language integration from Code Intelligence into Google’s open-source security testing service, for which Code Intelligence provides a complete and advanced fuzzing and bug detection solution. The company’s previous fuzz testing integration into OSS-Fuzz, for Java projects, has already contributed to finding over 500 critical bugs and security vulnerabilities, including remote code execution (such as Log4Shell), Cross-Site Scripting, and injections.
OSS-Fuzz integrates advanced, industry-standard fuzzing technologies for the languages it supports. As part of their collaboration, Code Intelligence has been a strong contributor to OSS-Fuzz for memory-safe languages, such as Java and Go:
“We’ve continuously made improvements to OSS-Fuzz’s infrastructure over the years and expanded our language offerings to cover C/C++, Go, Rust, Java, Python, and Swift, and have introduced support for new frameworks such as FuzzTest.” says Oliver Chang, Senior Staff Engineer at Google’s OSS Fuzzing Team. “Additionally, as part of an ongoing collaboration with Code Intelligence, we’ll soon have support for JavaScript fuzzing through Jazzer.js.”
Jazzer.js is free, open-source, and offers a Jest testing framework integration, so developers can write fuzz tests as easily as unit tests. Furthermore, Jazzer.js is released into the node package manager (npm) so that it is easily accessible by developers. As a result, developers can benefit from excellent integration into their integrated development environments (IDEs), such as IntelliJ and Visual Studio Code, out-of-the-box.
“Our mission is to give every developer the necessary tools to write more secure code.”, says Khaled Yakdan, Chief Scientist and Co-Founder of Code Intelligence. “I’m very glad about the collaboration with Google’s Open-Source Security Team. This will help in making the JavaScript ecosystem more reliable and secure.”
Jazzer.js enables coverage-guided fuzzing for JavaScript and the Node.js.
Industry News
MineOS announced a major upgrade: Data Subject Request Management (DSR) 2.0.
Snyk announced advancements to its platform to elevate risk-based application security through developer-first, AI-driven solutions.
Buildkite announced a Scale-Out Delivery Platform, providing the adaptability and scalability required by the world’s most demanding and complex computing environments.
MindStudio announced Serverless AI Functions as part of its new MindStudio for Developers offering.
Parasoft has achieved the widely recognized and respected TÜV SÜD certification for the development of its C/C++test CT (continuous testing) product.
StackGen announced enhanced support for developers utilizing Argo CD, a GitOps continuous delivery tool for Kubernetes.
Data Theorem announced the launch of Code Secure, the latest evolution in application security designed to protect the software supply chain from code to deployment.
Anthropic unveiled the Message Batches API – a cost-effective way to process large volumes of queries asynchronously.
RiverMeadow announced support for Red Hat OpenShift Virtualization, enabling organizations to seamlessly run and manage virtual machines alongside containerized applications in a single platform that can run in both on-premises and cloud environments.
Netlify announced three new enhancements to its product suite that will enable web application development and content publishing.
Check Point® Software Technologies Ltd. announced its position as a leader in The Forrester Wave™: Enterprise Firewalls, Q4 2024 report.
Sonar announced two new product capabilities for today’s AI-driven software development ecosystem.
Redgate announced a wide range of product updates supporting multiple database management systems (DBMS) across its entire portfolio, designed to support IT professionals grappling with today’s complex database landscape.